Java 后台sql注入

JdbcTemplate.update(sql, ArrayList.toArray())

Connection conn = null;
PreparedStatement ps = null;
conn = JdbcUtils.getConnection();
String sql = "select id,name,birthday,money from user where name=?";
ps = conn.prepareStatement(sql);
ps.setString(1, name);
rs = ps.executeQuery();

posted @ 2016-03-24 15:49  silentmuh  阅读(374)  评论(0编辑  收藏  举报
Live2D